snort-rule 0.1.0 → 0.1.1

data.tar.gz.sig CHANGED
Binary file
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
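--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in snort-rule.gemspec
+gemspec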
@@ -1,4 +1,6 @@
1
- Copyright (c) 2011 Chris Lee, PhD
1
+ Copyright (c) 2013 chrislee35
2
+
3
+ MIT License
2
4
 
3
5
  Permission is hereby granted, free of charge, to any person obtaining
4
6
  a copy of this software and associated documentation files (the
@@ -0,0 +1,45 @@
1
+ # Snort::Rule
2
+
3
+ Constructs and parses Snort rules similar to PERL's Snort::Rule.
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'snort-rule'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install snort-rule
18
+
19
+ ## Usage
20
+
21
+ rule = Snort::Rule.new({:action => 'pass', :proto => 'udp', :src => '192.168.0.1', :sport => 'any', :dir => '<>', :dst => 'any', :dport => 53, :opts => {'sid' => 48, 'threshold' => 'type limit,track by_src,count 1,seconds 3600' }})
22
+
23
+ rule.to_s => "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
24
+
25
+ rule = Snort::Rule.new
26
+ rule.action = 'pass'
27
+ rule.proto = 'udp'
28
+ rule.src = '192.168.0.1'
29
+ rule.dir = '<>'
30
+ rule.dport = 53
31
+ rule.opts['sid'] = 48
32
+ rule.opts['threshold'] = 'type limit,track by_src,count 1,seconds 3600'
33
+
34
+ rule.to_s => "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
35
+
36
+ rule = Snort::Rule.parse("pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )")
37
+ rule.to_s => "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
38
+
39
+ ## Contributing
40
+
41
+ 1. Fork it
42
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
43
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
44
+ 4. Push to the branch (`git push origin my-new-feature`)
45
+ 5. Create new Pull Request
@@ -0,0 +1,12 @@
1
+ #!/usr/bin/env rake
2
+ require "bundler/gem_tasks"
3
+
4
+ require 'rake/testtask'
5
+
6
+ Rake::TestTask.new do |t|
7
+ t.libs << 'lib'
8
+ t.test_files = FileList['test/test_*.rb']
9
+ t.verbose = true
10
+ end
11
+
12
+ task :default => :test
@@ -1,12 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
2
  # DESCRIPTION: generates and parses snort rules
3
- begin
4
- require 'snort-rule'
5
- rescue LoadError
6
- require 'rubygems'
7
- require 'snort-rule'
8
- end
9
-
10
3
  require 'getoptlong'
11
4
 
12
5
  def usage
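Review bot: With the `begin … rescue LoadError` block removed, nothing on the new side of this hunk loads the library any more; the only require left is `require 'getoptlong'`. The metadata section of this page also drops lib/snort-rule.rb from the file list, so the old `require 'snort-rule'` would no longer resolve either. Unless a require further down the script (outside the hunk) covers it, the executable will presumably fail with a NameError at its first use of `Snort::Rule`; add `require 'snort/rule'` next to the getoptlong require. The hunk ends at `def usage`, whose body is outside the hunk.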
@@ -1,3 +1,4 @@
1
+ require "snort/rule/version"
1
2
  # Generates and parses snort rules
2
3
  #
3
4
  # Author:: Chris Lee (mailto:rubygems@chrislee.dhs.org)
@@ -0,0 +1,5 @@
1
+ module Snort
2
+ class Rule
3
+ VERSION = "0.1.1"
4
+ end
5
+ end
@@ -0,0 +1,26 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'snort/rule/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "snort-rule"
8
+ spec.version = Snort::Rule::VERSION
9
+ spec.authors = ["chrislee35"]
10
+ spec.email = ["rubygems@chrislee.dhs.org"]
11
+ spec.description = %q{Parses and generates Snort rules similar to PERL's Snort::Rule}
12
+ spec.summary = %q{Class for parsing and generating Snort Rules}
13
+ spec.homepage = "http://github.com/chrislee35/snort-rule"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_development_dependency "bundler", "~> 1.3"
22
+ spec.add_development_dependency "rake"
23
+
24
+ spec.signing_key = "#{File.dirname(__FILE__)}/../gem-private_key.pem"
25
+ spec.cert_chain = ["#{File.dirname(__FILE__)}/../gem-public_cert.pem"]
26
+ end
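Review bot: `spec.signing_key` and `spec.cert_chain` are assigned unconditionally to files one directory above the checkout, so a `gem build` by anyone who does not hold the maintainer's key is likely to fail instead of producing an unsigned gem. Keeping the private key outside the repository is the right choice; guard the assignment rather than moving the key, e.g. `key = File.expand_path('../../gem-private_key.pem', __FILE__)` followed by `spec.signing_key = key if File.exist?(key)`, and treat the certificate path the same way. The metadata section of this release also appears to embed a different certificate from the one shipped in 0.1.0, so users who verify gem signatures need to be told to trust the new one.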
@@ -1,18 +1,2 @@
1
- require 'rubygems'
2
- require 'bundler'
3
- begin
4
- Bundler.setup(:default, :development)
5
- rescue Bundler::BundlerError => e
6
- $stderr.puts e.message
7
- $stderr.puts "Run `bundle install` to install missing gems"
8
- exit e.status_code
9
- end
10
1
  require 'test/unit'
11
- require 'shoulda'
12
-
13
- $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
14
- $LOAD_PATH.unshift(File.dirname(__FILE__))
15
- require 'snort-rule'
16
-
17
- class Test::Unit::TestCase
18
- end
2
+ require File.expand_path('../../lib/snort/rule.rb', __FILE__)
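Review bot: The new helper loads lib/snort/rule.rb by absolute path but no longer puts lib on `$LOAD_PATH`, while the rule.rb hunk above adds `require "snort/rule/version"`, which is resolved through the load path. Under `rake test` this works because the Rakefile sets `t.libs << 'lib'`, but running the test file directly would presumably raise LoadError, or silently pick up the version file of an installed copy of the gem. Keep one line of the removed setup, `$LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))`, and follow it with `require 'snort/rule'`.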
@@ -1,12 +1,20 @@
1
- require 'helper'
1
+ unless Kernel.respond_to?(:require_relative)
2
+ module Kernel
3
+ def require_relative(path)
4
+ require File.join(File.dirname(caller[0]), path.to_str)
5
+ end
6
+ end
7
+ end
8
+
9
+ require_relative 'helper'
2
10
 
3
11
  class TestSnortRule < Test::Unit::TestCase
4
- should "constructor should set all the parameters and generate the correct rule" do
12
+ def test_constructor_should_set_all_the_parameters_and_generate_the_correct_rule
5
13
  rule = Snort::Rule.new({:action => 'pass', :proto => 'udp', :src => '192.168.0.1', :sport => 'any', :dir => '<>', :dst => 'any', :dport => 53, :opts => {'sid' => 48, 'threshold' => 'type limit,track by_src,count 1,seconds 3600' }})
6
14
  assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
7
15
  end
8
16
 
9
- should "construct a default rule and update each member to generate the correct rule" do
17
+ def test_construct_a_default_rule_and_update_each_member_to_generate_the_correct_rule
10
18
  rule = Snort::Rule.new
11
19
  rule.action = 'pass'
12
20
  rule.proto = 'udp'
@@ -18,7 +26,7 @@ class TestSnortRule < Test::Unit::TestCase
18
26
  assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
19
27
  end
20
28
 
21
- should "parse an existing rule and generate the same rule" do
29
+ def test_parse_an_existing_rule_and_generate_the_same_rule
22
30
  rule = Snort::Rule.parse("pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )")
23
31
  assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
24
32
  end
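Review bot: Reopening `Kernel` to define `require_relative` at the top of the test file changes a core module for everything loaded into the test process on interpreters that lack the method. The shim is also fragile, because it takes `File.dirname` of a `caller[0]` string that still carries the `:line` suffix. The helper in this release already uses the portable form, so the shim can be dropped in favour of `require File.expand_path('../helper', __FILE__)`. The `TestSnortRule` class body continues outside both hunks of this section.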
metadata CHANGED
@@ -1,156 +1,127 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: snort-rule
3
- version: !ruby/object:Gem::Version
4
- hash: 27
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.1
5
5
  prerelease:
6
- segments:
7
- - 0
8
- - 1
9
- - 0
10
- version: 0.1.0
11
6
  platform: ruby
12
- authors:
13
- - Chris Lee
7
+ authors:
8
+ - chrislee35
14
9
  autorequire:
15
10
  bindir: bin
16
- cert_chain:
17
- - |
18
- -----BEGIN CERTIFICATE-----
19
- MIIDYjCCAkqgAwIBAgIBADANBgkqhkiG9w0BAQUFADBXMREwDwYDVQQDDAhydWJ5
20
- Z2VtczEYMBYGCgmSJomT8ixkARkWCGNocmlzbGVlMRMwEQYKCZImiZPyLGQBGRYD
21
- ZGhzMRMwEQYKCZImiZPyLGQBGRYDb3JnMB4XDTExMDIyNzE1MzAxOVoXDTEyMDIy
22
- NzE1MzAxOVowVzERMA8GA1UEAwwIcnVieWdlbXMxGDAWBgoJkiaJk/IsZAEZFghj
23
- aHJpc2xlZTETMBEGCgmSJomT8ixkARkWA2RoczETMBEGCgmSJomT8ixkARkWA29y
24
- ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNM1Hjs6q58sf7Jp64A
25
- vEY2cnRWDdFpD8UWpwaJK5kgSHOVgs+0mtszn+YlYjmx8kpmuYpyU4g9mNMImMQe
26
- ow8pVsL4QBBK/1Ozgdxrsptk3IiTozMYA+g2I/+WvZSEDu9uHkKe8pvMBEMrg7RJ
27
- IN7+jWaPnSzg3DbFwxwOdi+QRw33DjK7oFWcOaaBqWTUpI4epdi/c/FE1I6UWULJ
28
- ZF/Uso0Sc2Pp/YuVhuMHGrUbn7zrWWo76nnK4DTLfXFDbZF5lIXT1w6BtIiN6Ho9
29
- Rdr/W6663hYUo3WMsUSa3I5+PJXEBKmGHIZ2TNFnoFIRHha2fmm1HC9+BTaKwcO9
30
- PLcCAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQURzsNkZo2rv86Ftc+hVww
31
- RNICMrwwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQBRRw/iNA/PdnvW
32
- OBoNCSr/IiHOGZqMHgPJwyWs68FhThnLc2EyIkuLTQf98ms1/D3p0XX9JsxazvKT
33
- W/in8Mm/R2fkVziSdzqChtw/4Z4bW3c+RF7TgX6SP5cKxNAfKmAPuItcs2Y+7bdS
34
- hr/FktVtT2iAmISRnlEbdaTpfl6N2ZWNT83khV6iOs5xRkX/+0e+GgAv9mE6nqr1
35
- AkuDXMhposxcnFZUrZ3UtMPEe/JnyP7Vv6pvr3qtZm8FidFZU91+rX/fwdyBU8RP
36
- /5l8uLWXXNt1wEbtu4N1I66LwTK2iRrQZE8XtlgZGbxYDFUkiurq3OafF2YwRs6W
37
- 6yhklP75
38
- -----END CERTIFICATE-----
39
-
40
- date: 2011-03-07 00:00:00 -05:00
41
- default_executable: snortrule
42
- dependencies:
43
- - !ruby/object:Gem::Dependency
44
- version_requirements: &id001 !ruby/object:Gem::Requirement
45
- none: false
46
- requirements:
47
- - - ">="
48
- - !ruby/object:Gem::Version
49
- hash: 3
50
- segments:
51
- - 0
52
- version: "0"
53
- requirement: *id001
54
- prerelease: false
55
- name: shoulda
56
- type: :development
57
- - !ruby/object:Gem::Dependency
58
- version_requirements: &id002 !ruby/object:Gem::Requirement
11
+ cert_chain:
12
+ - !binary |-
13
+ LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZakNDQWtxZ0F3SUJB
14
+ Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREJYTVJFd0R3WURWUVFEREFoeWRX
15
+ SjUKWjJWdGN6RVlNQllHQ2dtU0pvbVQ4aXhrQVJrV0NHTm9jbWx6YkdWbE1S
16
+ TXdFUVlLQ1pJbWlaUHlMR1FCR1JZRApaR2h6TVJNd0VRWUtDWkltaVpQeUxH
17
+ UUJHUllEYjNKbk1CNFhEVEV6TURVeU1qRXlOVGswTjFvWERURTBNRFV5Ck1q
18
+ RXlOVGswTjFvd1Z6RVJNQThHQTFVRUF3d0ljblZpZVdkbGJYTXhHREFXQmdv
19
+ SmtpYUprL0lzWkFFWkZnaGoKYUhKcGMyeGxaVEVUTUJFR0NnbVNKb21UOGl4
20
+ a0FSa1dBMlJvY3pFVE1CRUdDZ21TSm9tVDhpeGtBUmtXQTI5eQpaekNDQVNJ
21
+ d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOY1ByeDhC
22
+ WmlXSVI5eFdXRzhJCnRxUjUzOHRTMXQrVUo0RlpGbCsxdnJ0VTlUaXVXWDNW
23
+ ajM3VHdVcGEyZkZremlLMG41S3VwVlRoeUVoY2VtNW0KT0dSanZnclJGYldR
24
+ SlNTc2NJS09wd3FVUkhWS1JwVjlnVnovSG56azhTK3hvdFVSMUJ1bzNVZ3Ir
25
+ STFqSGV3RApDZ3IreSt6Z1pidGp0SHNKdHN1dWprT2NQaEVqalVpbmo2OEw5
26
+ Rno5QmRlSlF0K0lhY2p3QXpVTGl4NmpXQ2h0ClVjK2crMHo4RXNyeWNhMkc2
27
+ STFHc3JnWDZXSHc4ZHlreVFEVDlkQ3RTMmZsQ093U0MxUjBLNVQveEhXNTRm
28
+ KzUKd2N3OG1tNTNLTE5lK3RtZ1ZDNlpIeU1FK3FKc0JuUDZ1eEYwYVRFbkdB
29
+ L2pEQlFEaFFOVEYwWlAvYWJ6eVRzTAp6alVDQXdFQUFhTTVNRGN3Q1FZRFZS
30
+ MFRCQUl3QURBTEJnTlZIUThFQkFNQ0JMQXdIUVlEVlIwT0JCWUVGTzh3Cith
31
+ ZVA3VDZrVkpibENnNmV1c09JSTlEZk1BMEdDU3FHU0liM0RRRUJCUVVBQTRJ
32
+ QkFRQkNReVJKTFhzQm8yRnkKOFc2ZS9XNFJlbVFScmxBdzlESzVPNlU3MUp0
33
+ ZWRWb2Iyb3ErT2Irem1TK1BpZkUyK0wrM1JpSjJINlZUbE96aQp4K0EwNjFN
34
+ VVhoR3JhcVZxNEoyRkM4a3Q0RVF5d0FEMFAwVGE1R1UyNENHU0YwOFkzR2tK
35
+ eTFTYTRYcVRDMllDCm81MXM3SlArdGtDQ3RwVllTZHpKaFRsbGllUkFXQnBH
36
+ VjFkdGFvZVVLRTZ0WVBNQmtvc3hTUmNWR2N6ay9TYzMKN2VRQ3BleFl5OUps
37
+ VUJJOXUzQnFJWTlFK2wrTVNuOGloWFNQbXlLMERncmhhQ3Urdm9hU0ZWT1g2
38
+ WStCNXFibwpqTFhNUXUyWmdJU1l3WE5qTmJHVkhlaHV0ODJVN1U5b2lIb1dj
39
+ ck9HYXphUlVtR085VFhQK2FKTEgwZ3cyZGNLCkFmTWdsWFBpCi0tLS0tRU5E
40
+ IENFUlRJRklDQVRFLS0tLS0K
41
+ date: 2013-06-02 00:00:00.000000000 Z
42
+ dependencies:
43
+ - !ruby/object:Gem::Dependency
44
+ name: bundler
45
+ requirement: !ruby/object:Gem::Requirement
59
46
  none: false
60
- requirements:
47
+ requirements:
61
48
  - - ~>
62
- - !ruby/object:Gem::Version
63
- hash: 23
64
- segments:
65
- - 1
66
- - 0
67
- - 0
68
- version: 1.0.0
69
- requirement: *id002
70
- prerelease: false
71
- name: bundler
49
+ - !ruby/object:Gem::Version
50
+ version: '1.3'
72
51
  type: :development
73
- - !ruby/object:Gem::Dependency
74
- version_requirements: &id003 !ruby/object:Gem::Requirement
52
+ prerelease: false
53
+ version_requirements: !ruby/object:Gem::Requirement
75
54
  none: false
76
- requirements:
55
+ requirements:
77
56
  - - ~>
78
- - !ruby/object:Gem::Version
79
- hash: 7
80
- segments:
81
- - 1
82
- - 5
83
- - 2
84
- version: 1.5.2
85
- requirement: *id003
86
- prerelease: false
87
- name: jeweler
88
- type: :development
89
- - !ruby/object:Gem::Dependency
90
- version_requirements: &id004 !ruby/object:Gem::Requirement
57
+ - !ruby/object:Gem::Version
58
+ version: '1.3'
59
+ - !ruby/object:Gem::Dependency
60
+ name: rake
61
+ requirement: !ruby/object:Gem::Requirement
91
62
  none: false
92
- requirements:
93
- - - ">="
94
- - !ruby/object:Gem::Version
95
- hash: 3
96
- segments:
97
- - 0
98
- version: "0"
99
- requirement: *id004
100
- prerelease: false
101
- name: rcov
63
+ requirements:
64
+ - - ! '>='
65
+ - !ruby/object:Gem::Version
66
+ version: '0'
102
67
  type: :development
103
- description: arses and generates Snort rules similar to PERL's Snort::Rule
104
- email: rubygems@chrislee.dhs.org
105
- executables:
68
+ prerelease: false
69
+ version_requirements: !ruby/object:Gem::Requirement
70
+ none: false
71
+ requirements:
72
+ - - ! '>='
73
+ - !ruby/object:Gem::Version
74
+ version: '0'
75
+ description: Parses and generates Snort rules similar to PERL's Snort::Rule
76
+ email:
77
+ - rubygems@chrislee.dhs.org
78
+ executables:
106
79
  - snortrule
107
80
  extensions: []
108
-
109
- extra_rdoc_files:
81
+ extra_rdoc_files: []
82
+ files:
83
+ - .gitignore
84
+ - Gemfile
110
85
  - LICENSE.txt
111
- - README.rdoc
112
- files:
86
+ - README.md
87
+ - Rakefile
113
88
  - bin/snortrule
114
- - lib/snort-rule.rb
115
- - lib/snort-rule/base.rb
116
- - LICENSE.txt
117
- - README.rdoc
89
+ - lib/snort/rule.rb
90
+ - lib/snort/rule/version.rb
91
+ - snort-rule.gemspec
118
92
  - test/helper.rb
119
93
  - test/test_snort-rule.rb
120
- has_rdoc: true
121
- homepage: https://rubygems.org/gems/snort-rule
122
- licenses:
94
+ homepage: http://github.com/chrislee35/snort-rule
95
+ licenses:
123
96
  - MIT
124
97
  post_install_message:
125
98
  rdoc_options: []
126
-
127
- require_paths:
99
+ require_paths:
128
100
  - lib
129
- required_ruby_version: !ruby/object:Gem::Requirement
101
+ required_ruby_version: !ruby/object:Gem::Requirement
130
102
  none: false
131
- requirements:
132
- - - ">="
133
- - !ruby/object:Gem::Version
134
- hash: 3
135
- segments:
103
+ requirements:
104
+ - - ! '>='
105
+ - !ruby/object:Gem::Version
106
+ version: '0'
107
+ segments:
136
108
  - 0
137
- version: "0"
138
- required_rubygems_version: !ruby/object:Gem::Requirement
109
+ hash: 845204443714955193
110
+ required_rubygems_version: !ruby/object:Gem::Requirement
139
111
  none: false
140
- requirements:
141
- - - ">="
142
- - !ruby/object:Gem::Version
143
- hash: 3
144
- segments:
112
+ requirements:
113
+ - - ! '>='
114
+ - !ruby/object:Gem::Version
115
+ version: '0'
116
+ segments:
145
117
  - 0
146
- version: "0"
118
+ hash: 845204443714955193
147
119
  requirements: []
148
-
149
120
  rubyforge_project:
150
- rubygems_version: 1.6.1
121
+ rubygems_version: 1.8.25
151
122
  signing_key:
152
123
  specification_version: 3
153
124
  summary: Class for parsing and generating Snort Rules
154
- test_files:
125
+ test_files:
155
126
  - test/helper.rb
156
127
  - test/test_snort-rule.rb
metadata.gz.sig CHANGED
Binary file
@@ -1,19 +0,0 @@
1
- = snort-rule
2
-
3
- Description goes here.
4
-
5
- == Contributing to snort-rule
6
-
7
- * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
8
- * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
9
- * Fork the project
10
- * Start a feature/bugfix branch
11
- * Commit and push until you are happy with your contribution
12
- * Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
13
- * Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
14
-
15
- == Copyright
16
-
17
- Copyright (c) 2011 Chris Lee, PhD. See LICENSE.txt for
18
- further details.
19
-
@@ -1 +0,0 @@
1
- require 'snort-rule/base'